Re: Brutus issue

From: Pieter Danhieux (opr@bsdaemon.be)
Date: Wed Nov 01 2006 - 12:23:29 EST


Juan,

Create a Perl script which generates a dictionary file for you with all
the potential usernames, and another file with the potential passwords.
Load a dictionary attack with Hydra.

Also, check whether the login names are LIMITED to 4 chars or EXACTLY 4
chars. Same remark for passwords. This could save you a lot of login
attempts ...

kind regards,

--
Pieter Danhieux
CISSP, GSEC, GCIH, CISA, GCFA

On Tue, 31 Oct 2006, Juan B wrote:
> Hi,
>
> I am conducting a pen test for a client of mine.
> In his web server he is using basic authentication
> (base 64).
> I need to issue a brute force attack against his
> authentication scheme.
> I know that the users and password are all numbers.
> For example the user might be something as:
> 5486
> and the password could be :
>
> 546846533
> The users are limited to 4 numbers and the passwords
> for 8 numbers.
>
> How can I tell Brutus or Hydra to use only numbers in
> the brute force?
>
> Thanks very much !
>
> Juan


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:16 EDT